Mobile credentials for resources management in collaborative applications

ABSTRACT

One or more servers may receive a meeting request from a computer. The one or more servers may transmit a meeting invitation a participant. The participant may accept or decline the meeting invitation. If the participant accepts the meeting invitation, the one or more servers may transmit a credential to the mobile device of the participant.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims the benefit of U.S. Provisional PatentApplication No. 61/757,562, filed on Jan. 28, 2013, which is herebyincorporated by reference in its entirety.

BACKGROUND

The present invention generally relates to mobile credentials forresources management. Credentials may be used in various systems andmanaged in various ways. Some existing systems have various shortcomingsrelative to certain applications. Accordingly, there remains a need forfurther contributions in this area of technology.

SUMMARY

One embodiment of the present invention is a unique resources managementsystem using credentials. Other embodiments include apparatuses,systems, devices, hardware, methods, and combinations for managingresources using credentials. Further embodiments, forms, features,aspects, benefits, and advantages of the present application shallbecome apparent from the description and figures provided herewith.

BRIEF DESCRIPTION OF THE FIGURES

The description herein makes reference to the accompanying figureswherein like reference numerals refer to like parts throughout theseveral views, and wherein:

FIG. 1 is a schematic block diagram of an exemplary system; and

FIG. 2 is a schematic block diagram of a computing device.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

For the purposes of promoting an understanding of the principles of theinvention, reference will now be made to the embodiments illustrated inthe drawings and specific language will be used to describe the same. Itwill nevertheless be understood that no limitation of the scope of theinvention is thereby intended. Any alterations and further modificationsin the described embodiments, and any further applications of theprinciples of the invention as described herein are contemplated aswould normally occur to one skilled in the art to which the inventionrelates.

The present application is generally directed to management of resources(e.g., conference rooms and/or other equipment which can be accessedand/or controlled by a credential) by delivering a credential to amobile device, such as a mobile phone, of an invited attendee.

FIG. 1 is a schematic block diagram of an exemplary system 100, whichillustrates a process for delivering credentials to a mobile device.Operations illustrated for all of the processes in the presentapplication are understood to be examples only, and operations may becombined or divided, and added or removed, as well as re-ordered inwhole or in part, unless explicitly stated to the contrary.

The system 100 includes a meeting organizer 102 that organizes a meetingand generates a meeting request 104 using a computer 106. The computer106 is a computing device such as a desktop computer, laptop computer,tablet computer, or a mobile phone. The meeting request 104 may includeinformation such as date, time, participant list, room or location 105,and/or equipment 107. The computer 106 includes an email and/orcalendaring program 108 such as Microsoft Outlook or Exchange, LotusNotes, etc. It is contemplated that the calendaring program 108 may notbe located on a local machine such as computer 106, but may be part of acloud service that the computer 106 may access on the Internet.

The system 100 may also include an email and/or calendar server 110. Theemail and/or calendar server 110 may include an email and/or calendarprogram 112, which may receive the meeting request 104. The email and/orcalendar server 110 may be configured to manage the scheduling,reservation, and availability of rooms 105 and/or equipment 107 in afacility. Rooms 105 and equipment 107 are sometimes referred to asresources. The rooms 105 may be secured by an electronic access controlsystem 111.

The email and/or calendar server 110 may maintain a calendar, may beviewed like an individual's calendar, for the rooms 105 and/or equipment107. Rooms 105 and/or equipment 107 may be configured to acceptreservation requests in multiple ways such as moderated and auto-accept.In a moderated configuration, requests to reserve the resource aregenerally approved or denied by a person (delegate). Typically, thedelegate for a moderated resource will receive an email when someonerequests to use that resource. For example, when someone creates ameeting request 104 to reserve a room 105 and/or equipment 107, thedelegate will receive an email from the email and/or calendar server 110that the delegate may accept or deny on behalf of the room 105 and/orequipment 107. Generally, once the delegate accepts the meeting request104, credential(s) may be delivered to participants who have accepted tothe meeting invitation. In an auto-accept configuration, requests toreserve the resource are generally automatically accepted subject toavailability. When a request for a room 105 and/or a piece of equipment107 is accepted in the email and/or calendar server 110, an event may beadded to the resource's calendar.

The email and/or calendar server 110 may generate and send a meetinginvitation 114 to one or more participants 116. The meeting invitation114 may be sent to a mobile device 118, e.g., a mobile phone, of each ofthe participants 116. The participants 116 may transmit acceptances 120using the mobile device 118. The mobile device 118 may also include anemail and/or calendar program (not shown for clarity) that receives theinvitation 114 and generates the acceptance 120. It is contemplated thatthe computer 106 may send the meeting invitation to the participants116, rather than the email and/or calendar server 110.

After receiving an acceptance 120, the email and/or calendar server 110may then send a credential request 122 to a credential server 124. Thecredential server 124 may be a Credential Management Service or Server(CMS). The credential request 122 may include information such as anidentification of the room 105 that a participant 116 will be accessing,a facility code, a badge identifier, a date, a time, equipment (e.g.,laptops or projectors) 107 in the room to be used, and/or anidentification of the participant 116 such as his or her name and/ormobile phone number. In some embodiments, the email and/or calendarserver 110 and the credential server 124 may be one server that performssome or all of the functions of both servers.

The credential server 124 may generate one or more credentials 126 andtransmit the credential(s) 126 to the mobile device 118 of theparticipant 118. The credential 126 may be any type of credential suchas a MIFARE-type credential. Moreover, other types of credentials arecontemplated. In addition, the credential 126 may include a badgeidentifier, a facility code, and/or one or more keys, among otherinformation that may be included. In some embodiments, the credential126 may be include information that only allows access to the room forthe duration of the meeting. In addition, in some embodiments the accesscontrol system 111 may only allow the credential 126 to access the room105 for the duration of the meeting. It is contemplated that in thevarious embodiments, the credential 126 and/or access control system 111may allow participants into the room 105 several minutes (e.g., 15minutes) before the start of the meeting. The credential 126 may betransmitted to the mobile device 118 using, e.g., an Internetconnection, a cellular data network, or any combination thereof. Themobile device 118 may then store the credential 126 in a secure element128.

To gain access to a conference room, the mobile device 118 may transmitthe credential 126 to a reader device 130, such as a reader and/or alock, that secures the conference room. The mobile device 118 and thereader device 130 may communicate using Near Field Communication (NFC)and/or any other protocol(s). The reader device 130 may be an offlinereader and/or lock. However, it is contemplated that the reader device130 may be an online reader and/or lock. Furthermore, it is contemplatedthat the credential server 124 and/or access control system 111 maydeliver credential information and/or access rights information to anonline reader and/or lock.

Equipment 107 may also be reserved, accessed, and used via thecredential 126 on the mobile device 118 of the participant 116.Equipment 107 may include projectors, laptops, and/or other devices thatmay be kept in lockers electronically controlled. In addition, theequipment 107 may also include any type of credential-controlledequipment such as an electric vehicle (e.g., a golf cart used on a largecampus) or a refrigerator in the meeting room 105. Equipment 132 maycommunicate with the mobile device 118 using any communication protocolsuch as NFC or Bluetooth.

Other features and/or variations of the present application may includeone or more of the following. For example, a mobile credential alreadyexists in the secure element 128 of the mobile device 118 to open aparticipant's own office and therefore an extension for a credential maybe sent to the mobile device 118 rather than a new or a differentcredential. The extension of the credential may include information thatindicates to the lock that the mobile device 118 has authority accessthe room. One example may include a coded data format based on TLV.

In other embodiments, a credential already on the mobile device 118 isnot updated, but the access control system 111 is updated to allow themobile device 118 access to the room 105 during the day and timeallocated for the meeting. In these embodiments, typically, the readerdevice 130 grants access after the access control system 111 approvesthat the credential 126 from the mobile device 118 is allowed to accessthe room 105.

In another example, a participant 116 may receive the credential 126 fora colleague that is still using a plastic card credential. Theparticipant 116 may then transfer the credential 126 to the plastic cardcredential using the mobile device 118.

In yet another example, the booking time window for a resource may belimited. As another example, a meeting organizer 102 may receive aresponse message that includes information about the delivery of thecredentials 126 including who has access to the room 105 and/orequipment 107. In another example, management of recurring meetings maybe handled in various ways such as sending new credentials before eachmeeting, sending one credential that will work for all meetings, or acombination thereof.

FIG. 2 is a schematic block diagram of a computing device 200. Thecomputing device 200 is one example of a computer, server, mobiledevice, reader device, or equipment configuration which may be utilizedin connection with the computer 106, server 110, mobile device 118,server 124, reader device 130, or equipment 107 shown in FIG. 1.Computing device 200 includes a processing device 202, an input/outputdevice 204, memory 206, and operating logic 208. Furthermore, computingdevice 200 communicates with one or more external devices 210.

The input/output device 204 allows the computing device 200 tocommunicate with the external device 210. For example, the input/outputdevice 204 may be a network adapter, network card, interface, or a port(e.g., a USB port, serial port, parallel port, an analog port, a digitalport, VGA, DVI, HDMI, FireWire, CAT 5, or any other type of port orinterface). The input/output device 204 may be comprised of hardware,software, and/or firmware. It is contemplated that the input/outputdevice 204 includes more than one of these adapters, cards, or ports.

The external device 210 may be any type of device that allows data to beinputted or outputted from the computing device 200. For example, theexternal device 210 may be a mobile device, a reader device, equipment,a handheld computer, a diagnostic tool, a controller, a computer, aserver, a printer, a display, an alarm, an illuminated indicator such asa status indicator, a keyboard, a mouse, or a touch screen display.Furthermore, it is contemplated that the external device 210 may beintegrated into the computing device 200. It is further contemplatedthat there may be more than one external device in communication withthe computing device 200.

Processing device 202 can be of a programmable type, a dedicated,hardwired state machine, or a combination of these; and can furtherinclude multiple processors, Arithmetic-Logic Units (ALUs), CentralProcessing Units (CPUs), Digital Signal Processors (DSPs) or the like.For forms of processing device 202 with multiple processing units,distributed, pipelined, and/or parallel processing can be utilized asappropriate. Processing device 202 may be dedicated to performance ofjust the operations described herein or may be utilized in one or moreadditional applications. In the depicted form, processing device 202 isof a programmable variety that executes algorithms and processes data inaccordance with operating logic 208 as defined by programminginstructions (such as software or firmware) stored in memory 206.Alternatively or additionally, operating logic 208 for processing device202 is at least partially defined by hardwired logic or other hardware.Processing device 202 can be comprised of one or more components of anytype suitable to process the signals received from input/output device204 or elsewhere, and provide desired output signals. Such componentsmay include digital circuitry, analog circuitry, or a combination ofboth.

Memory 206 may be of one or more types, such as a solid-state variety,electromagnetic variety, optical variety, or a combination of theseforms. Furthermore, memory 206 can be volatile, nonvolatile, or acombination of these types, and some or all of memory 206 can be of aportable variety, such as a disk, tape, memory stick, cartridge, or thelike. In addition, memory 206 can store data that is manipulated by theoperating logic 208 of processing device 202, such as datarepresentative of signals received from and/or sent to input/outputdevice 204 in addition to or in lieu of storing programming instructionsdefining operating logic 208, just to name one example. As shown in FIG.2, memory 206 may be included with processing device 202 and/or coupledto the processing device 202.

The processes in the present application may be implemented in operatinglogic 208 as operations by software, hardware, artificial intelligence,fuzzy logic, or any combination thereof, or at least partially performedby a user or operator. In certain embodiments, modules representsoftware elements as a computer program encoded on a computer readablemedium, wherein the computer 106, server 110, mobile device 118, server124, equipment 107, and/or reader device 130 performs the describedoperations when executing the computer program.

The present application may include one or more of the followingfeatures. For example, the present application may include relativelysimplified management compared to a mechanical credential (e.g.,traditional key) because a mechanical key manager is not required andemployees do not have to spend work time to obtain a mechanical key. Inaddition, the present application may provide better security becausethe present application generally reduces or eliminates the risk of anemployee losing a key or not returning a key.

The present application may include one or more of the followingfeatures as compared to a plastic credential. For example, credentialsare generally delivered and refreshed to a hotspot (e.g., data on card),which might not be installed inside a facility, but the presentapplication and its delivery method may reduce this issue. As anotherexample, an individual generally walks to certain types of doors orlocks to update the door or lock's access control or rights database(e.g., data on lock), but with the present application an individual maynot have to walk to a door or lock to update it.

Furthermore, the present application may allow meetings to be organizedin a relatively more time efficient manner and may allow only invitedindividuals to enter the meeting room. Other individuals may join at alater time, which may avoid meeting interruptions by unwantedintrusions. In other embodiments, the credential may allow the person toenter a room or building that they typically do not have access to, notnecessarily for a meeting, such as on school or business campuses.

It is also contemplated that the system 100 may be used to reserve anduse resources, such as equipment 107, with or without reserving ameeting room. The credential 126 on the mobile device 118 would be usedto access and/or control the resource.

One aspect of the present application may include a method, comprising:receiving a meeting request; transmitting a meeting invitation to one ormore participants; receiving one or more acceptances from the one ormore participants; transmitting a credential request to a server; andtransmitting a credential to a mobile device of at least oneparticipant.

Other features of the aspect of the present application may include oneor more of the following: wherein the credential request includes anidentification of at least one participant and an identification of aroom; wherein the credential is valid only for a duration of themeeting; wherein the device is a mobile phone; storing the credential ina secure element of the mobile device; receiving, with a reading device,the credential from the mobile device; and/or wherein the meetingrequest includes a date, a time, participant list, and room for ameeting.

While the invention has been described in connection with what ispresently considered to be the preferred embodiment, it is to beunderstood that the invention is not to be limited to the disclosedembodiment(s), but on the contrary, is intended to cover variousmodifications and equivalent arrangements included within the spirit andscope of the appended claims, which scope is to be accorded the broadestinterpretation so as to encompass all such modifications and equivalentstructures as permitted under the law. Furthermore it should beunderstood that while the use of the word preferable, preferably, orpreferred in the description above indicates that feature so describedmay be more desirable, it nonetheless may not be necessary and anyembodiment lacking the same may be contemplated as within the scope ofthe invention, that scope being defined by the claims that follow. Inreading the claims it is intended that when words such as “a,” “an,” “atleast one” and “at least a portion” are used, there is no intention tolimit the claim to only one item unless specifically stated to thecontrary in the claim. Further, when the language “at least a portion”and/or “a portion” is used the item may include a portion and/or theentire item unless specifically stated to the contrary.

1. A method, comprising: receiving, with an email and calendar server, ameeting request for a meeting from a meeting organizer; transmitting,with the email and calendar server, a meeting invitation to aparticipant in response to the meeting request; receiving, with theemail and calendar server, an acceptance from the participant based onthe meeting invitation; transmitting, with the email and calendarserver, a credential request to a credential server in response to theacceptance, wherein the credential request includes an identification ofthe participant and an identification of a meeting room; andtransmitting, with the credential server, a credential to a mobiledevice of the participant, wherein the participant cannot access themeeting room without the credential and the credential provides accessto the meeting room to the participant only when the participant arrivesat the meeting room during a time associated with the meeting.
 2. Themethod of claim 1, further comprising: transmitting a response messageto a meeting organizer, wherein the response message includesinformation about delivery of the credential to the participant.
 3. Themethod of claim 1, wherein the credential is valid only for a durationof the meeting.
 4. The method of claim 1, wherein the credential isstored in a secure element of the mobile device.
 5. The method of claim4, wherein the credential is an extension of other credentialinformation in the secure element of the mobile device.
 6. The method ofclaim 1, further comprising: receiving, with a reader device associatedwith a lock of the meeting room, the credential from the mobile device;and allowing access to the meeting room based on receiving thecredential by unlocking the lock of the meeting room in response to theparticipant arriving at the meeting room.
 7. The method of claim 1,wherein the meeting request includes a date, the time, a participantlist, and the meeting room for the meeting.
 8. The method of claim 1,further comprising: allowing the participant to access control equipmentin electronically controller lockers in the meeting room based on thecredential.
 9. The method of claim 1, further comprising: transferringthe credential from the mobile device to a plastic card credential. 10.The method of claim 1, further comprising: automatically accepting, withthe email and calendar server, the meeting request subject toavailability of the meeting room.
 11. The method of claim 1, furthercomprising: transmitting a reservation request based on the meetingrequest to a delegate; and receiving, with the email and calendarserver, an approval or denial of the reservation request from thedelegate.
 12. The method of claim 1, wherein the meeting requestincludes a series of meetings and wherein the credential is valid foreach meeting in the series.
 13. A system, comprising: a computerconfigured with non-transitory computer executable instructions togenerate a request to reserve a resource secured with one or moreelectronically controlled access systems, wherein the request includes adate and a time; one or more servers configured with non-transitorycomputer executable instructions to receive the request, determine ifthe resource is available, and transmit a credential to a user if theresource is available; and a mobile device associated with the user incommunication with the one or more servers, wherein the mobile device isconfigured with non-transitory computer executable instructions toreceive the credential from the one or more servers, store thecredential, and transmit the credential from the mobile device toprovide the user access to the resource through the electronicallycontrolled access system to utilize the resource only at the date andthe time, wherein the resource includes at least one of a meeting roomand equipment in the meeting room.
 14. The system of claim 13, whereinthe access control system includes a lock with a reader device thatreads the credential when the user approaches the lock and the mobiledevice is further configured to communicate with the reader device viaBluetooth.
 15. The system of claim 13, wherein the mobile device isfurther configured to store the credential in a secure element of themobile device.
 16. The system of claim 13, wherein the one or moreservers are further configured to automatically accept the requestsubject to availability of the resource.
 17. A method, comprising:receiving a meeting request from a computer of a meeting organizer,wherein the meeting request identifies a meeting room secured with atleast one electronically controlled access system; transmitting ameeting invitation to a participant in response to the meeting request;receiving an acceptance from the participant based on the meetinginvitation; transmitting a credential to a mobile device of theparticipant in response to the acceptance of the meeting invitation; andaccessing the electronically controlled access system with thecredential from the mobile device when the participant arrives at themeeting room.
 18. The method of claim 17, wherein the access controlsystem includes a lock with a reader device that reads the credentialwhen the user approaches the lock and further comprising: allowing theparticipant to communicate with the reader device based on thecredential via Bluetooth to unlock the lock of the meeting room only atthe date and the time of the meeting request.
 19. The method of claim17, further comprising: automatically accepting the meeting requestsubject to availability of the meeting room.
 20. The method of claim 17,further comprising: transmitting a reservation request based on themeeting request to a delegate; and receiving an approval or denial ofthe reservation request from the delegate.